Headline
GHSA-gmjj-g2rm-xwm7: thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to cross-site scripting (XSS) because it fails to sanitize user input in the stopword parameter. This has been fixed in 3.1.12.
thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter
Moderate severity GitHub Reviewed Published Apr 5, 2023 to the GitHub Advisory Database • Updated Apr 6, 2023
Related news
CVE-2023-1884: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@7f0f921
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.